OSDN > Find Software > ImmortalWrt > SCM > git > luci > Commit

ImmortalWrt
Fork
immortalwrt
packages
luci

R/O
HTTP
SSH
HTTPS

luci: Commit

LuCI - OpenWrt Configuration Interface

Commit MetaInfo

Revision	2a43828292f1411453ad5c9c834d1334e1a7f187 (tree)
Time	2022-01-21 16:53:47
Author	Tianling Shen <cnsztl@immo...>
Commiter	Tianling Shen

Log Message

Merge Mainline

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

Change Summary

modified: applications/luci-app-passwall/Makefile (diff)
modified: applications/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua (diff)
modified: applications/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua (diff)
delete: applications/luci-app-passwall/luasrc/view/passwall/global/{tips.htm => faq.htm}
modified: applications/luci-app-passwall/po/zh-cn/passwall.po (diff)
modified: applications/luci-app-passwall/root/usr/share/passwall/0_default_config (diff)
modified: applications/luci-app-passwall/root/usr/share/passwall/app.sh (diff)
modified: applications/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh (diff)
add: applications/luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh (diff)
modified: applications/luci-app-passwall/root/usr/share/passwall/iptables.sh (diff)
modified: applications/luci-app-unblockneteasemusic/root/etc/init.d/unblockneteasemusic (diff)

Incremental Difference

--- a/applications/luci-app-passwall/Makefile

+++ b/applications/luci-app-passwall/Makefile

		@@ -6,9 +6,9 @@
6	6	include $(TOPDIR)/rules.mk
7	7
8	8	PKG_NAME:=luci-app-passwall
9		-PKG_VERSION:=4.46
	9	+PKG_VERSION:=4.48
10	10	PKG_RELEASE:=2
11		-#20220108
	11	+#20220120
12	12
13	13	PKG_CONFIG_DEPENDS:= \
14	14	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Brook \

--- a/applications/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua

+++ b/applications/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua

		@@ -6,6 +6,7 @@ local node_section = var["-node"]
6	6	local proto = var["-proto"]
7	7	local proxy_way = var["-proxy_way"]
8	8	local redir_port = var["-redir_port"]
	9	+local route_only = var["-route_only"]
9	10	local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
10	11	local local_socks_port = var["-local_socks_port"]
11	12	local local_socks_username = var["-local_socks_username"]

		@@ -24,6 +25,7 @@ local dns_client_ip = var["-dns_client_ip"]
24	25	local dns_query_strategy = var["-dns_query_strategy"]
25	26	local dns_socks_address = var["-dns_socks_address"]
26	27	local dns_socks_port = var["-dns_socks_port"]
	28	+local dns_fakedns = var["-dns_fakedns"]
27	29	local loglevel = var["-loglevel"] or "warning"
28	30	local network = proto
29	31	local new_port

		@@ -33,6 +35,7 @@ local sys = api.sys
33	35	local jsonc = api.jsonc
34	36	local appname = api.appname
35	37	local dns = nil
	38	+local fakedns = nil
36	39	local inbounds = {}
37	40	local outbounds = {}
38	41	local routing = nil

		@@ -277,7 +280,7 @@ if node_section then
277	280	protocol = "dokodemo-door",
278	281	settings = {network = proto, followRedirect = true},
279	282	streamSettings = {sockopt = {tproxy = proxy_way}},
280		- sniffing = {enabled = true, destOverride = {"http", "tls"}, RouteOnly = true}
	283	+ sniffing = {enabled = true, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, RouteOnly = route_only and true or nil}
281	284	})
282	285	end
283	286

		@@ -513,7 +516,7 @@ if node_section then
513	516	end
514	517	end
515	518
516		-if dns_server then
	519	+if dns_server or dns_fakedns then
517	520	table.insert(outbounds, {
518	521	protocol = "dns",
519	522	tag = "dns-out"

		@@ -550,6 +553,18 @@ if dns_server then
550	553	}
551	554	end
552	555
	556	+ if dns_fakedns then
	557	+ fakedns = {}
	558	+ fakedns[#fakedns + 1] = {
	559	+ ipPool = "198.18.0.0/16",
	560	+ poolSize = 65535
	561	+ }
	562	+ dns_server = "1.1.1.1"
	563	+ dns.servers = {
	564	+ "fakedns"
	565	+ }
	566	+ end
	567	+
553	568	if dns_listen_port then
554	569	table.insert(inbounds, {
555	570	listen = "127.0.0.1",

		@@ -599,7 +614,7 @@ if dns_server then
599	614	})
600	615	end
601	616
602		- if node_section and (proto and proto:find("tcp")) and redir_port then
	617	+ if node_section and (proto and proto:find("tcp")) and redir_port and not dns_fakedns then
603	618	local outboundTag = node_section
604	619	local node = uci:get_all(appname, node_section)
605	620	if node.protocol == "_shunt" then

		@@ -634,6 +649,7 @@ if inbounds or outbounds then
634	649	},
635	650	-- DNS
636	651	dns = dns,
	652	+ fakedns = fakedns,
637	653	-- 传入连接
638	654	inbounds = inbounds,
639	655	-- 传出连接

--- a/applications/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua

+++ b/applications/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua

		@@ -176,43 +176,54 @@ udp_node:value("tcp", translate("Same as the tcp node"))
176	176
177	177	s:tab("DNS", translate("DNS"))
178	178
	179	+if api.is_finded("smartdns") then
	180	+ dns_shunt = s:taboption("DNS", ListValue, "dns_shunt", translate("DNS Shunt"))
	181	+ dns_shunt:value("dnsmasq", "Dnsmasq")
	182	+ dns_shunt:value("smartdns", "SmartDNS")
	183	+
	184	+ group_domestic = s:taboption("DNS", Value, "group_domestic", translate("Domestic group name"))
	185	+ group_domestic.placeholder = "local"
	186	+ group_domestic:depends("dns_shunt", "smartdns")
	187	+ group_domestic.description = translate("You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here.")
	188	+end
	189	+
	190	+o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
	191	+o.default = "0"
	192	+
179	193	---- DNS Forward Mode
180		-o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
181		-o.rmempty = false
182		-o:reset_values()
	194	+dns_mode = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
	195	+dns_mode.rmempty = false
	196	+dns_mode:reset_values()
183	197	if api.is_finded("pdnsd") then
184		- o:value("pdnsd", "pdnsd " .. translatef("Requery DNS By %s", translate("TCP Node")))
	198	+ dns_mode:value("pdnsd", "pdnsd " .. translatef("Requery DNS By %s", translate("TCP Node")))
185	199	end
186	200	if api.is_finded("dns2socks") then
187		- o:value("dns2socks", "dns2socks")
	201	+ dns_mode:value("dns2socks", "dns2socks")
188	202	end
189	203	if has_v2ray then
190		- o:value("v2ray", "V2ray")
	204	+ dns_mode:value("v2ray", "V2ray")
191	205	end
192	206	if has_xray then
193		- o:value("xray", "Xray")
	207	+ dns_mode:value("xray", "Xray")
194	208	end
195		-o:value("udp", translatef("Requery DNS By %s", translate("UDP Node")))
196		-o:value("custom", translate("Custom DNS") .. "(UDP)")
197		-o:value("nonuse", translate("No Filter"))
	209	+dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
198	210
199	211	o = s:taboption("DNS", ListValue, "v2ray_dns_mode", " ")
200	212	o:value("tcp", "TCP")
201	213	o:value("doh", "DoH")
	214	+o:value("fakedns", "FakeDNS")
202	215	o:depends("dns_mode", "v2ray")
203	216	o:depends("dns_mode", "xray")
204		-
205		----- Custom DNS
206		-o = s:taboption("DNS", Value, "custom_dns", translate("Custom DNS"))
207		-o.default = "127.0.0.1#5353"
208	217	o.validate = function(self, value, t)
209		- local v = string.gsub(value, "#", ":")
210		- if not datatypes.ipaddrport(v) then
211		- return nil, translate("Custom DNS") .. " " .. translate("Not valid IP format, please re-enter!")
	218	+ if value == "fakedns" then
	219	+ local _dns_mode = dns_mode:formvalue(t)
	220	+ local _tcp_node = tcp_node:formvalue(t)
	221	+ if m:get(_tcp_node, "type"):lower() ~= _dns_mode then
	222	+ return nil, translatef("TCP node must be '%s' type to use FakeDNS.", _dns_mode)
	223	+ end
212	224	end
213	225	return value
214	226	end
215		-o:depends({dns_mode = "custom"})
216	227
217	228	o = s:taboption("DNS", ListValue, "dns_by", translate("Resolver For The List Proxied"))
218	229	o:value("tcp", translatef("Requery DNS By %s", translate("TCP Node")))

		@@ -248,6 +259,7 @@ o:depends("v2ray_dns_mode", "doh")
248	259	---- DNS Forward
249	260	o = s:taboption("DNS", Value, "dns_forward", translate("Remote DNS"))
250	261	--o.description = translate("IP:Port mode acceptable, multi value split with english comma.") .. " " .. translate("If you use dns2socks, only the first one is valid.")
	262	+o.datatype = "or(ipaddr,ipaddrport)"
251	263	o.default = "1.1.1.1"
252	264	o:value("1.1.1.1", "1.1.1.1 (CloudFlare DNS)")
253	265	o:value("1.1.1.2", "1.1.1.2 (CloudFlare DNS)")

		@@ -261,7 +273,10 @@ o:depends({dns_mode = "udp"})
261	273	o:depends({v2ray_dns_mode = "tcp"})
262	274
263	275	o = s:taboption("DNS", Value, "dns_client_ip", translate("EDNS Client Subnet"))
	276	+o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "<br />" ..
	277	+ translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).")
264	278	o.datatype = "ipaddr"
	279	+o:depends("v2ray_dns_mode", "tcp")
265	280	o:depends("v2ray_dns_mode", "doh")
266	281
267	282	o = s:taboption("DNS", ListValue, "dns_query_strategy", translate("Query Strategy"))

		@@ -269,31 +284,33 @@ o.default = "UseIPv4"
269	284	o:value("UseIPv4")
270	285	o:value("UseIPv6")
271	286	o:value("UseIP")
272		-o:depends("dns_mode", "v2ray")
273		-o:depends("dns_mode", "xray")
	287	+o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
	288	+o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
	289	+o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
	290	+o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
274	291
275	292	o = s:taboption("DNS", Flag, "dns_cache", translate("Cache Resolved"))
276	293	o.default = "1"
277	294	o:depends({dns_mode = "dns2socks"})
278	295	o:depends({dns_mode = "pdnsd"})
279		-o:depends({dns_mode = "v2ray"})
280		-o:depends({dns_mode = "xray"})
	296	+o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
	297	+o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
	298	+o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
	299	+o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
281	300	o.rmempty = false
282	301
283	302	if has_chnlist and api.is_finded("chinadns-ng") then
284	303	o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
285		- o.default = "1"
286		- o:depends({dns_mode = "nonuse", ["!reverse"] = true})
	304	+ o.default = "0"
	305	+ o:depends({dns_mode = "dns2socks"})
	306	+ o:depends({dns_mode = "pdnsd"})
	307	+ o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
	308	+ o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
	309	+ o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
	310	+ o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
	311	+ o:depends({dns_mode = "udp"})
287	312	end
288	313
289		-o = s:taboption("DNS", Flag, "filter_gfwlist_ipv6", translate("Filter GFW List IPv6"), translate("Experimental feature."))
290		-o.default = "0"
291		-o:depends({dns_mode = "nonuse", ["!reverse"] = true})
292		-
293		-o = s:taboption("DNS", Flag, "filter_proxylist_ipv6", translate("Filter Proxy List IPv6"), translate("Experimental feature."))
294		-o.default = "0"
295		-o:depends({dns_mode = "nonuse", ["!reverse"] = true})
296		-
297	314	o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
298	315	o.inputstyle = "remove"
299	316	function o.write(e, e)

		@@ -362,7 +379,7 @@ localhost_udp_proxy_mode.validate = redir_mode_validate
362	379	tips = s:taboption("Proxy", DummyValue, "tips", " ")
363	380	tips.rawhtml = true
364	381	tips.cfgvalue = function(t, n)
365		- return string.format('<a style="color: red" href="acl">%s</a>', translate("Want different devices to use different proxy modes/ports/nodes? Please use access control."))
	382	+ return string.format('<a style="color: red" href="%s">%s</a>', api.url("acl"), translate("Want different devices to use different proxy modes/ports/nodes? Please use access control."))
366	383	end
367	384
368	385	s:tab("log", translate("Log"))

		@@ -387,10 +404,10 @@ trojan_loglevel:value("2", "warn")
387	404	trojan_loglevel:value("3", "error")
388	405	trojan_loglevel:value("4", "fatal")
389	406
390		-s:tab("tips", translate("Tips"))
	407	+s:tab("faq", "FAQ")
391	408
392		-o = s:taboption("tips", DummyValue, "")
393		-o.template = appname .. "/global/tips"
	409	+o = s:taboption("faq", DummyValue, "")
	410	+o.template = appname .. "/global/faq"
394	411
395	412	-- [[ Socks Server ]]--
396	413	o = s:taboption("Main", Flag, "socks_enabled", "Socks " .. translate("Main switch"))

--- a/applications/luci-app-passwall/luasrc/view/passwall/global/tips.htm

+++ b/applications/luci-app-passwall/luasrc/view/passwall/global/faq.htm

		@@ -2,7 +2,15 @@
2	2	local api = require "luci.model.cbi.passwall.api.api"
3	3	-%>
4	4	<div class="cbi-section cbi-tblsection">
5		- <div id="tips_div"></div>
	5	+ <div id="dns_div">
	6	+ <ul><b style="color:red"><%:About DNS issues:%></b>
	7	+ <li style="color:red">1. <span><%:Some browsers may have built-in DNS, be sure to close. Example: Chrome. Settings - Security and Privacy - Security - Use secure DNS disabled.%></span></li>
	8	+ <li style="color:red">2. <span><%:Sometimes after restart, you can not internet, especially the GFW mode. At this time, close all browsers (important), Windows Client, please `ipconfig / flushdns`. Please close the WiFi on the phone, cut the flight mode and then cut back.%></span></li>
	9	+ <li style="color:red">3. <span><%:The client DNS and the default gateway must point to this router.%></span></li>
	10	+ <li style="color:red">4. <span><%:If you have a wrong DNS process, the consequences are at your own risk!%></span></li>
	11	+ </ul>
	12	+ </div>
	13	+ <div id="div2"></div>
6	14	</div>
7	15
8	16	<script>

		@@ -23,7 +31,7 @@ local api = require "luci.model.cbi.passwall.api.api"
23	31	}
24	32	}
25	33
26		- var dom = document.getElementById("tips_div");
	34	+ var dom = document.getElementById("div2");
27	35	if (dom) {
28	36	var li = "";
29	37	li += "<%:You can use load balancing for failover.%>" + "<br />";

--- a/applications/luci-app-passwall/po/zh-cn/passwall.po

+++ b/applications/luci-app-passwall/po/zh-cn/passwall.po

		@@ -142,14 +142,20 @@ msgstr "用于代理特定的列表。"
142	142	msgid "For proxy game network, DNS hijack etc."
143	143	msgstr "用于代理游戏或DNS劫持等..."
144	144
	145	+msgid "DNS Shunt"
	146	+msgstr "DNS分流"
	147	+
	148	+msgid "Domestic group name"
	149	+msgstr "国内分组名"
	150	+
	151	+msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here."
	152	+msgstr "你只需要在SmartDNS配置好国内DNS分组，并设置重定向或作为Dnsmasq上游，此处填入国内DNS分组名。"
	153	+
145	154	msgid "Filter Mode"
146	155	msgstr "过滤模式"
147	156
148		-msgid "No Filter"
149		-msgstr "不过滤"
150		-
151		-msgid "Custom DNS"
152		-msgstr "自定义DNS"
	157	+msgid "TCP node must be '%s' type to use FakeDNS."
	158	+msgstr "TCP节点必须是 '%s' 类型才能使用 FakeDNS。"
153	159
154	160	msgid "Remote DNS"
155	161	msgstr "远程DNS"

		@@ -193,6 +199,12 @@ msgstr "中国列表不能和中国列表外或防火墙表一起使用！"
193	199	msgid "Cache Resolved"
194	200	msgstr "缓存解析结果"
195	201
	202	+msgid "Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address)."
	203	+msgstr "用于 DNS 查询时通知 DNS 服务器，客户端所在的地理位置（不能是私有 IP 地址）。"
	204	+
	205	+msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
	206	+msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet（RFC7871）。"
	207	+
196	208	msgid "Query Strategy"
197	209	msgstr "查询策略"
198	210

		@@ -202,11 +214,8 @@ msgstr "当访问的域名不存在规则列表中，使用的默认DNS。"
202	214	msgid "The effect is better, but will increase the memory."
203	215	msgstr "效果更好，但会增加内存使用。"
204	216
205		-msgid "Filter GFW List IPv6"
206		-msgstr "过滤GFW列表 IPv6"
207		-
208		-msgid "Filter Proxy List IPv6"
209		-msgstr "过滤代理列表 IPv6"
	217	+msgid "Filter Proxy Host IPv6"
	218	+msgstr "过滤代理域名 IPv6"
210	219
211	220	msgid "Experimental feature."
212	221	msgstr "实验性功能。"

		@@ -220,8 +229,20 @@ msgstr "如果修改规则后没有生效，请尝试此功能。"
220	229	msgid "The server client can also use this rule to scientifically surf the Internet."
221	230	msgstr "本机服务器的客户端也可以使用这个代理模式上网。"
222	231
223		-msgid "Tips"
224		-msgstr "小提示"
	232	+msgid "About DNS issues:"
	233	+msgstr "关于DNS问题："
	234	+
	235	+msgid "Some browsers may have built-in DNS, be sure to close. Example: Chrome. Settings - Security and Privacy - Security - Use secure DNS disabled."
	236	+msgstr "部分浏览器可能有内置的DNS，请务必关闭。如：chrome。设置 - 安全和隐私设置 - 使用安全 DNS 关闭。"
	237	+
	238	+msgid "Sometimes after restart, you can not internet, especially the GFW mode. At this time, close all browsers (important), Windows Client, please `ipconfig / flushdns`. Please close the WiFi on the phone, cut the flight mode and then cut back."
	239	+msgstr "有时候重启后，上不了，尤其是GFW模式。这时请先关闭所有浏览器（重要），Windows客户端请`ipconfig/flushdns`。手机端请关闭WIFI，切一下飞行模式再切回来。"
	240	+
	241	+msgid "The client DNS and the default gateway must point to this router."
	242	+msgstr "客户端DNS和默认网关必须指向本路由器。"
	243	+
	244	+msgid "If you have a wrong DNS process, the consequences are at your own risk!"
	245	+msgstr "如果你自行配置了错误的DNS流程，后果自负！"
225	246
226	247	msgid "You can use load balancing for failover."
227	248	msgstr "可以使用负载均衡实现故障切换功能。"

--- a/applications/luci-app-passwall/root/usr/share/passwall/app.sh

+++ b/applications/luci-app-passwall/root/usr/share/passwall/app.sh

		@@ -347,18 +347,22 @@ run_v2ray_dns_socks() {
347	347	}
348	348	[ -z "$type" ] && return 1
349	349	[ -n "$log_file" ] \|\| log_file="/dev/null"
	350	+ local _extra_param="-dns_listen_port ${listen_port} -dns_socks_address ${socks_address} -dns_socks_port ${socks_port}"
	351	+ [ -n "${dns_query_strategy}" ] && _extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
	352	+ [ -n "${dns_client_ip}" ] && _extra_param="${_extra_param} -dns_client_ip ${dns_client_ip}"
350	353	if [ "$dns_proto" = "tcp" ]; then
351	354	local _dns_forward=$(get_first_dns dns_tcp_server 53 \| sed 's/#/:/g')
352	355	local _dns_address=$(echo ${_dns_forward} \| awk -F ':' '{print $1}')
353		- lua $API_GEN_V2RAY -dns_listen_port "${listen_port}" -dns_server "${_dns_address}" -dns_tcp_server "tcp://${_dns_forward}" -dns_query_strategy "${dns_query_strategy}" -dns_socks_address "${socks_address}" -dns_socks_port "${socks_port}" > $config_file
	356	+ _extra_param="${_extra_param} -dns_server ${_dns_address} -dns_tcp_server tcp://${_dns_forward}"
354	357	elif [ "$dns_proto" = "doh" ]; then
355	358	_doh_url=$(echo $doh \| awk -F ',' '{print $1}')
356	359	_doh_host_port=$(echo $_doh_url \| sed "s/https:\/\///g" \| awk -F '/' '{print $1}')
357	360	_doh_host=$(echo $_doh_host_port \| awk -F ':' '{print $1}')
358	361	_doh_port=$(echo $_doh_host_port \| awk -F ':' '{print $2}')
359	362	_doh_bootstrap=$(echo $doh \| cut -d ',' -sf 2-)
360		- lua $API_GEN_V2RAY -dns_listen_port "${listen_port}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" -dns_client_ip "${dns_client_ip}" -dns_query_strategy "${dns_query_strategy}" -dns_socks_address "${socks_address}" -dns_socks_port "${socks_port}" > $config_file
	363	+ _extra_param="${_extra_param} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host}"
361	364	fi
	365	+ lua $API_GEN_V2RAY ${_extra_param} > $config_file
362	366	ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file -config="$config_file"
363	367	}
364	368

		@@ -643,33 +647,43 @@ run_redir() {
643	647	UDP_NODE="nil"
644	648	}
645	649	_extra_param="${_extra_param} ${proto}"
646		- [ "${DNS_MODE}" = "v2ray" -o "${DNS_MODE}" = "xray" ] && [ "$(config_t_get global dns_by)" = "tcp" ] && {
647		- config_file=$(echo $config_file \| sed "s/.json/_DNS.json/g")
648		- resolve_dns=1
649		- local dns_query_strategy=$(config_t_get global dns_query_strategy UseIPv4)
650		- _extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
651		- [ "${DNS_CACHE}" == "0" ] && _extra_param="${_extra_param} -dns_cache 0"
	650	+ _extra_param="${_extra_param} -route_only 1"
	651	+ [ "${DNS_MODE}" = "v2ray" -o "${DNS_MODE}" = "xray" ] && {
652	652	local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
653		- case "$v2ray_dns_mode" in
654		- tcp)
655		- local dns_forward=$(get_first_dns DNS_FORWARD 53 \| sed 's/#/:/g')
656		- local dns_address=$(echo $dns_forward \| awk -F ':' '{print $1}')
657		- _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_server ${dns_address} -dns_tcp_server tcp://${dns_forward}"
658		- echolog " - 域名解析 DNS Over TCP..."
659		- ;;
660		- doh)
661		- up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1")
662		- _doh_url=$(echo $up_trust_doh \| awk -F ',' '{print $1}')
663		- _doh_host_port=$(echo $_doh_url \| sed "s/https:\/\///g" \| awk -F '/' '{print $1}')
664		- _doh_host=$(echo $_doh_host_port \| awk -F ':' '{print $1}')
665		- _doh_port=$(echo $_doh_host_port \| awk -F ':' '{print $2}')
666		- _doh_bootstrap=$(echo $up_trust_doh \| cut -d ',' -sf 2-)
667		- _dns_client_ip=$(config_t_get global dns_client_ip)
668		- _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host} -dns_client_ip ${_dns_client_ip}"
669		- unset _doh_url _doh_port _doh_bootstrap
670		- echolog " - 域名解析 DNS Over HTTPS..."
671		- ;;
672		- esac
	653	+ [ "$(config_t_get global dns_by)" = "tcp" -o "${v2ray_dns_mode}" = "fakedns" ] && {
	654	+ config_file=$(echo $config_file \| sed "s/.json/_DNS.json/g")
	655	+ resolve_dns=1
	656	+ local dns_query_strategy=$(config_t_get global dns_query_strategy UseIPv4)
	657	+ _extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
	658	+ local _dns_client_ip=$(config_t_get global dns_client_ip)
	659	+ [ -n "${_dns_client_ip}" ] && _extra_param="${_extra_param} -dns_client_ip ${_dns_client_ip}"
	660	+ [ "${DNS_CACHE}" == "0" ] && _extra_param="${_extra_param} -dns_cache 0"
	661	+ case "$v2ray_dns_mode" in
	662	+ tcp)
	663	+ local dns_forward=$(get_first_dns DNS_FORWARD 53 \| sed 's/#/:/g')
	664	+ local dns_address=$(echo $dns_forward \| awk -F ':' '{print $1}')
	665	+ _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_server ${dns_address} -dns_tcp_server tcp://${dns_forward}"
	666	+ echolog " - 域名解析 DNS Over TCP..."
	667	+ ;;
	668	+ doh)
	669	+ up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1")
	670	+ _doh_url=$(echo $up_trust_doh \| awk -F ',' '{print $1}')
	671	+ _doh_host_port=$(echo $_doh_url \| sed "s/https:\/\///g" \| awk -F '/' '{print $1}')
	672	+ _doh_host=$(echo $_doh_host_port \| awk -F ':' '{print $1}')
	673	+ _doh_port=$(echo $_doh_host_port \| awk -F ':' '{print $2}')
	674	+ _doh_bootstrap=$(echo $up_trust_doh \| cut -d ',' -sf 2-)
	675	+ _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host}"
	676	+ unset _doh_url _doh_port _doh_bootstrap
	677	+ echolog " - 域名解析 DNS Over HTTPS..."
	678	+ ;;
	679	+ fakedns)
	680	+ fakedns=1
	681	+ CHINADNS_NG=0
	682	+ _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_fakedns 1"
	683	+ echolog " - 域名解析 Fake DNS..."
	684	+ ;;
	685	+ esac
	686	+ }
673	687	}
674	688	lua $API_GEN_V2RAY -node $node -redir_port $local_port -proxy_way $tcp_proxy_way -loglevel $loglevel ${_extra_param} > $config_file
675	689	ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file -config="$config_file"

		@@ -1035,12 +1049,6 @@ start_dns() {
1035	1049	echolog "过滤服务配置：准备接管域名解析..."
1036	1050
1037	1051	case "$DNS_MODE" in
1038		- nonuse)
1039		- echolog " - 不过滤DNS..."
1040		- TUN_DNS=""
1041		- use_chinadns_ng=$(config_t_get global always_use_chinadns_ng 0)
1042		- [ "$use_chinadns_ng" == "0" ] && return
1043		- ;;
1044	1052	dns2socks)
1045	1053	local dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:1080) \| sed "s/#/:/g")
1046	1054	local dns2socks_forward=$(get_first_dns DNS_FORWARD 53 \| sed 's/#/:/g')

		@@ -1053,6 +1061,8 @@ start_dns() {
1053	1061	[ "${DNS_CACHE}" == "0" ] && local _extra_param="-dns_cache 0"
1054	1062	local dns_query_strategy=$(config_t_get global dns_query_strategy UseIPv4)
1055	1063	_extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
	1064	+ local _dns_client_ip=$(config_t_get global dns_client_ip)
	1065	+ [ -n "${_dns_client_ip}" ] && _extra_param="${_extra_param} -dns_client_ip ${_dns_client_ip}"
1056	1066	local dns_by=$(config_t_get global dns_by "tcp")
1057	1067	if [ "${dns_by}" = "tcp" ]; then
1058	1068	use_tcp_node_resolve_dns=1

		@@ -1078,7 +1088,6 @@ start_dns() {
1078	1088	_doh_host=$(echo $_doh_host_port \| awk -F ':' '{print $1}')
1079	1089	_doh_port=$(echo $_doh_host_port \| awk -F ':' '{print $2}')
1080	1090	_doh_bootstrap=$(echo $up_trust_doh \| cut -d ',' -sf 2-)
1081		- _dns_client_ip=$(config_t_get global dns_client_ip)
1082	1091
1083	1092	if [ "${dns_by}" = "tcp" ]; then
1084	1093	DNS_FORWARD=""

		@@ -1089,7 +1098,7 @@ start_dns() {
1089	1098	done
1090	1099	unset _dns _doh_bootstrap_dns
1091	1100	fi
1092		- lua $API_GEN_V2RAY -dns_listen_port "${dns_listen_port}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" -dns_client_ip "${_dns_client_ip}" ${_extra_param} > $TMP_PATH/DNS.json
	1101	+ lua $API_GEN_V2RAY -dns_listen_port "${dns_listen_port}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" ${_extra_param} > $TMP_PATH/DNS.json
1093	1102	unset _doh_url _doh_port _doh_bootstrap
1094	1103	echolog " - 域名解析 DNS Over HTTPS..."
1095	1104	;;

		@@ -1105,18 +1114,27 @@ start_dns() {
1105	1114	;;
1106	1115	udp)
1107	1116	use_udp_node_resolve_dns=1
1108		- TUN_DNS=${DNS_FORWARD}
1109		- echolog " - 域名解析：直接使用UDP节点请求DNS（$TUN_DNS）"
1110		- ;;
1111		- custom)
1112		- custom_dns=$(config_t_get global custom_dns)
1113		- TUN_DNS="$(echo ${custom_dns} \| sed 's/#/:/g' \| sed -E 's/\:([^:]+)$/#\1/g')"
1114		- echolog " - 域名解析：使用UDP协议自定义DNS（$TUN_DNS）解析..."
	1117	+ TUN_DNS="$(echo ${DNS_FORWARD} \| sed 's/#/:/g' \| sed -E 's/\:([^:]+)$/#\1/g')"
	1118	+ echolog " - 域名解析：使用UDP协议请求DNS（$TUN_DNS）..."
1115	1119	;;
1116	1120	esac
1117	1121
1118	1122	[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询，如非直连地址，确保 TCP 代理打开，并且已经正确转发！"
1119	1123	[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求，如上游 DNS 非直连地址，确保 UDP 代理打开，并且已经正确转发！"
	1124	+
	1125	+ case "$DNS_SHUNT" in
	1126	+ smartdns)
	1127	+ if [ -n "$(first_type smartdns)" ]; then
	1128	+ local group_domestic=$(config_t_get global group_domestic)
	1129	+ CHINADNS_NG=0
	1130	+ source $APP_PATH/helper_smartdns.sh add DNS_MODE=$DNS_MODE SMARTDNS_CONF=/tmp/etc/smartdns/$CONFIG.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_GROUP=$group_domestic TUN_DNS=$TUN_DNS TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
	1131	+ source $APP_PATH/helper_smartdns.sh restart
	1132	+ echolog " - 域名解析：使用SmartDNS，请确保配置正常。"
	1133	+ else
	1134	+ DNS_SHUNT="dnsmasq"
	1135	+ fi
	1136	+ ;;
	1137	+ esac
1120	1138
1121	1139	[ -n "$chnlist" ] && [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
1122	1140	china_ng_listen_port=$(expr $dns_listen_port + 1)

		@@ -1144,8 +1162,11 @@ start_dns() {
1144	1162	ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} -f
1145	1163	echolog " + 过滤服务：ChinaDNS-NG(:${china_ng_listen_port})：国内DNS：${china_ng_chn}，可信DNS：${china_ng_gfw}"
1146	1164	}
1147		- source $APP_PATH/helper_${DNS_N}.sh stretch
1148		- source $APP_PATH/helper_${DNS_N}.sh add DNS_MODE=$DNS_MODE TMP_DNSMASQ_PATH=$TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE=/tmp/dnsmasq.d/dnsmasq-passwall.conf DEFAULT_DNS=$DEFAULT_DNS LOCAL_DNS=$LOCAL_DNS TUN_DNS=$TUN_DNS CHINADNS_DNS=$china_ng_listen TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_GFWLIST_IPV6=${filter_gfwlist_ipv6} NO_PROXYLIST_IPV6=${filter_proxylist_ipv6}
	1165	+
	1166	+ [ "$DNS_SHUNT" = "dnsmasq" ] && {
	1167	+ source $APP_PATH/helper_dnsmasq.sh stretch
	1168	+ source $APP_PATH/helper_dnsmasq.sh add DNS_MODE=$DNS_MODE TMP_DNSMASQ_PATH=$TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE=/tmp/dnsmasq.d/dnsmasq-passwall.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_DNS=$LOCAL_DNS TUN_DNS=$TUN_DNS CHINADNS_DNS=$china_ng_listen TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
	1169	+ }
1149	1170	}
1150	1171
1151	1172	gen_pdnsd_config() {

		@@ -1183,7 +1204,7 @@ gen_pdnsd_config() {
1183	1204	max_ttl = 1w;
1184	1205	timeout = 10;
1185	1206	par_queries = 2;
1186		- neg_domain_pol = on;
	1207	+ neg_domain_pol = off;
1187	1208	udpbufsize = 1024;
1188	1209	proc_limit = 2;
1189	1210	procq_limit = 8;

		@@ -1399,8 +1420,10 @@ stop() {
1399	1420	unset V2RAY_LOCATION_ASSET
1400	1421	unset XRAY_LOCATION_ASSET
1401	1422	stop_crontab
1402		- source $APP_PATH/helper_${DNS_N}.sh del
1403		- source $APP_PATH/helper_${DNS_N}.sh restart no_log=1
	1423	+ source $APP_PATH/helper_smartdns.sh del
	1424	+ source $APP_PATH/helper_smartdns.sh restart no_log=1
	1425	+ source $APP_PATH/helper_dnsmasq.sh del
	1426	+ source $APP_PATH/helper_dnsmasq.sh restart no_log=1
1404	1427	rm -rf ${TMP_PATH}
1405	1428	rm -rf /tmp/lock/${CONFIG}_script.lock
1406	1429	echolog "清空并关闭相关程序和缓存完成。"

		@@ -1441,12 +1464,12 @@ global=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LO
1441	1464	returnhome=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" \| grep "returnhome")
1442	1465	chnlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" \| grep "chnroute")
1443	1466	gfwlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" \| grep "gfwlist")
	1467	+DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq)
1444	1468	DNS_MODE=$(config_t_get global dns_mode pdnsd)
1445	1469	DNS_FORWARD=$(config_t_get global dns_forward 1.1.1.1:53 \| sed 's/#/:/g' \| sed -E 's/\:([^:]+)$/#\1/g')
1446	1470	DNS_CACHE=$(config_t_get global dns_cache 0)
1447		-CHINADNS_NG=$(config_t_get global chinadns_ng 1)
1448		-filter_gfwlist_ipv6=$(config_t_get global filter_gfwlist_ipv6 0)
1449		-filter_proxylist_ipv6=$(config_t_get global filter_proxylist_ipv6 0)
	1471	+CHINADNS_NG=$(config_t_get global chinadns_ng 0)
	1472	+filter_proxy_ipv6=$(config_t_get global filter_proxy_ipv6 0)
1450	1473	dns_listen_port=${DNS_PORT}
1451	1474
1452	1475	DEFAULT_DNS=$(uci show dhcp \| grep "@dnsmasq" \| grep "\.server=" \| awk -F '=' '{print $2}' \| sed "s/'//g" \| tr ' ' '\n' \| grep -v "\/" \| head -2 \| sed ':label;N;s/\n/,/;b label')

--- a/applications/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh

+++ b/applications/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh

		@@ -64,44 +64,42 @@ restart() {
64	64	LOG_FILE=${_LOG_FILE}
65	65	}
66	66
67		-gen_dnsmasq_items() {
68		- local ipsetlist=${1}; shift 1
69		- local fwd_dns=${1}; shift 1
70		- local outf=${1}; shift 1
71		-
72		- awk -v ipsetlist="${ipsetlist}" -v ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf" -v fwd_dns="${fwd_dns}" -v outf="${outf}" '
	67	+gen_items() {
	68	+ local ipsets dnss outf ipsetoutf
	69	+ eval_set_val $@
	70	+
	71	+ awk -v ipsets="${ipsets}" -v dnss="${dnss}" -v outf="${outf}" -v ipsetoutf="${ipsetoutf}" '
73	72	BEGIN {
74		- if(outf == "") {outf="/dev/stdout"; ipsetoutf="/dev/stdout";}
75		- split(fwd_dns, dns, ","); setdns=length(dns)>0; setlist=length(ipsetlist)>0;
	73	+ if(outf == "") outf="/dev/stdout";
	74	+ if(ipsetoutf == "") ipsetoutf=outf;
	75	+ split(dnss, dns, ","); setdns=length(dns)>0; setlist=length(ipsets)>0;
76	76	if(setdns) for(i in dns) if(length(dns[i])==0) delete dns[i];
77	77	fail=1;
78	78	}
79	79	! /^$/&&!/^#/ {
80	80	fail=0
81		- if(! (setdns \|\| setlist)) {printf("server=%s\n", $0) >>outf; next;}
82	81	if(setdns) for(i in dns) printf("server=/.%s/%s\n", $0, dns[i]) >>outf;
83		-
84		- if(setlist) printf("ipset=/.%s/%s\n", $0, ipsetlist) >>ipsetoutf;
	82	+ if(setlist) printf("ipset=/.%s/%s\n", $0, ipsets) >>ipsetoutf;
85	83	}
86	84	END {fflush(outf); close(outf); fflush(ipsetoutf); close(ipsetoutf); exit(fail);}
87	85	'
88	86	}
89	87
90		-gen_dnsmasq_address_items() {
91		- local fwd_dns=${1}; shift 1
	88	+gen_address_items() {
	89	+ local address=${1}; shift 1
92	90	local outf=${1}; shift 1
93	91
94		- awk -v fwd_dns="${fwd_dns}" -v outf="${outf}" '
	92	+ awk -v address="${address}" -v outf="${outf}" '
95	93	BEGIN {
96	94	if(outf == "") outf="/dev/stdout";
97		- split(fwd_dns, dns, ","); setdns=length(dns)>0;
98		- if(setdns) for(i in dns) if(length(dns[i])==0) delete dns[i];
	95	+ if(address == "") address="0.0.0.0,::";
	96	+ split(address, ad, ","); setad=length(ad)>0;
	97	+ if(setad) for(i in ad) if(length(ad[i])==0) delete ad[i];
99	98	fail=1;
100	99	}
101	100	! /^$/&&!/^#/ {
102	101	fail=0
103		- if(! setdns) {printf("address=%s\n", $0) >>outf; next;}
104		- if(setdns) for(i in dns) printf("address=/.%s/%s\n", $0, dns[i]) >>outf;
	102	+ if(setad) for(i in ad) printf("address=/.%s/%s\n", $0, ad[i]) >>outf;
105	103	}
106	104	END {fflush(outf); close(outf); exit(fail);}
107	105	'

		@@ -114,7 +112,7 @@ ipset_merge() {
114	112
115	113	add() {
116	114	local fwd_dns item servers msg
117		- local DNS_MODE TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS CHINADNS_DNS TCP_NODE PROXY_MODE NO_LOGIC_LOG NO_GFWLIST_IPV6 NO_PROXYLIST_IPV6
	115	+ local DNS_MODE TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS REMOTE_FAKEDNS CHINADNS_DNS TCP_NODE PROXY_MODE NO_LOGIC_LOG NO_PROXY_IPV6
118	116	eval_set_val $@
119	117	_LOG_FILE=$LOG_FILE
120	118	[ -n "$NO_LOGIC_LOG" ] && LOG_FILE="/dev/null"

		@@ -125,139 +123,156 @@ add() {
125	123	mkdir -p "${TMP_DNSMASQ_PATH}" "${DNSMASQ_PATH}" "/tmp/dnsmasq.d"
126	124	count_hosts_str="!"
127	125
128		- if [ "${DNS_MODE}" = "nonuse" ]; then
129		- echolog " - 不对域名进行分流解析"
130		- LOG_FILE=${_LOG_FILE}
131		- return 0
132		- else
133		- #屏蔽列表
134		- [ -s "${RULES_PATH}/block_host" ] && {
135		- cat "${RULES_PATH}/block_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_dnsmasq_address_items "0.0.0.0" "${TMP_DNSMASQ_PATH}/00-block_host.conf"
136		- }
	126	+ #屏蔽列表
	127	+ [ -s "${RULES_PATH}/block_host" ] && {
	128	+ cat "${RULES_PATH}/block_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_address_items address="0.0.0.0" outf="${TMP_DNSMASQ_PATH}/00-block_host.conf"
	129	+ }
137	130
138		- #始终用国内DNS解析节点域名
139		- fwd_dns="${LOCAL_DNS}"
140		- servers=$(uci show "${CONFIG}" \| grep ".address=" \| cut -d "'" -f 2)
141		- hosts_foreach "servers" host_from_url \| grep '[a-zA-Z]$' \| sort -u \| gen_dnsmasq_items "vpsiplist,vpsiplist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/10-vpsiplist_host.conf"
142		- echolog " - [$?]节点列表中的域名(vpsiplist)：${fwd_dns:-默认}"
	131	+ #始终用国内DNS解析节点域名
	132	+ fwd_dns="${LOCAL_DNS}"
	133	+ servers=$(uci show "${CONFIG}" \| grep ".address=" \| cut -d "'" -f 2)
	134	+ hosts_foreach "servers" host_from_url \| grep '[a-zA-Z]$' \| sort -u \| gen_items ipsets="vpsiplist,vpsiplist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/10-vpsiplist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
	135	+ echolog " - [$?]节点列表中的域名(vpsiplist)：${fwd_dns:-默认}"
143	136
144		- #始终用国内DNS解析直连（白名单）列表
145		- [ -s "${RULES_PATH}/direct_host" ] && {
	137	+ #始终用国内DNS解析直连（白名单）列表
	138	+ [ -s "${RULES_PATH}/direct_host" ] && {
	139	+ fwd_dns="${LOCAL_DNS}"
	140	+ #[ -n "$CHINADNS_DNS" ] && unset fwd_dns
	141	+ cat "${RULES_PATH}/direct_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_items ipsets="whitelist,whitelist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/11-direct_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
	142	+ echolog " - [$?]域名白名单(whitelist)：${fwd_dns:-默认}"
	143	+ }
	144	+
	145	+ subscribe_list=""
	146	+ for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
	147	+ host=$(host_from_url "$(config_n_get ${item} url)")
	148	+ subscribe_list="${subscribe_list}\n${host}"
	149	+ done
	150	+ [ -n "$subscribe_list" ] && {
	151	+ if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
	152	+ #如果没有开启通过代理订阅
146	153	fwd_dns="${LOCAL_DNS}"
147		- #[ -n "$CHINADNS_DNS" ] && unset fwd_dns
148		- cat "${RULES_PATH}/direct_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_dnsmasq_items "whitelist,whitelist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/11-direct_host.conf"
149		- echolog " - [$?]域名白名单(whitelist)：${fwd_dns:-默认}"
150		- }
151		-
152		- subscribe_list=""
153		- for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
154		- host=$(host_from_url "$(config_n_get ${item} url)")
155		- subscribe_list="${subscribe_list}\n${host}"
156		- done
157		- [ -n "$subscribe_list" ] && {
158		- if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
159		- #如果没有开启通过代理订阅
160		- fwd_dns="${LOCAL_DNS}"
161		- echo -e "$subscribe_list" \| sort -u \| gen_dnsmasq_items "whitelist,whitelist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/12-subscribe.conf"
162		- echolog " - [$?]节点订阅域名(whitelist)：${fwd_dns:-默认}"
163		- else
164		- #如果开启了通过代理订阅
165		- fwd_dns="${TUN_DNS}"
166		- #[ -n "$CHINADNS_DNS" ] && unset fwd_dns
167		- echo -e "$subscribe_list" \| sort -u \| gen_dnsmasq_items "blacklist,blacklist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/91-subscribe.conf"
168		- echolog " - [$?]节点订阅域名(blacklist)：${fwd_dns:-默认}"
169		- fi
170		- }
171		-
172		- #始终使用远程DNS解析代理（黑名单）列表
173		- [ -s "${RULES_PATH}/proxy_host" ] && {
	154	+ echo -e "$subscribe_list" \| sort -u \| gen_items ipsets="whitelist,whitelist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/12-subscribe.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
	155	+ echolog " - [$?]节点订阅域名(whitelist)：${fwd_dns:-默认}"
	156	+ else
	157	+ #如果开启了通过代理订阅
	158	+ fwd_dns="${TUN_DNS}"
174	159	local ipset_flag="blacklist,blacklist6"
175		- if [ "${NO_PROXYLIST_IPV6}" = "1" ]; then
	160	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
176	161	ipset_flag="blacklist"
177		- cat "${RULES_PATH}/proxy_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_dnsmasq_address_items "::" "${TMP_DNSMASQ_PATH}/97-proxy_host-noipv6.conf"
	162	+ echo -e "$subscribe_list" \| sort -u \| gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/91-subscribe-noipv6.conf"
178	163	fi
179		-
180		- fwd_dns="${TUN_DNS}"
181		- #[ -n "$CHINADNS_DNS" ] && unset fwd_dns
182		- cat "${RULES_PATH}/proxy_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_dnsmasq_items "${ipset_flag}" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/97-proxy_host.conf"
183		- echolog " - [$?]代理域名表(blacklist)：${fwd_dns:-默认}"
184		- }
	164	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	165	+ echo -e "$subscribe_list" \| sort -u \| gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/91-subscribe.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
	166	+ echolog " - [$?]节点订阅域名(blacklist)：${fwd_dns:-默认}"
	167	+ fi
	168	+ }
	169	+
	170	+ #始终使用远程DNS解析代理（黑名单）列表
	171	+ [ -s "${RULES_PATH}/proxy_host" ] && {
	172	+ local ipset_flag="blacklist,blacklist6"
	173	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	174	+ ipset_flag="blacklist"
	175	+ cat "${RULES_PATH}/proxy_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/97-proxy_host-noipv6.conf"
	176	+ fi
	177	+ fwd_dns="${TUN_DNS}"
	178	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	179	+ cat "${RULES_PATH}/proxy_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/97-proxy_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
	180	+ echolog " - [$?]代理域名表(blacklist)：${fwd_dns:-默认}"
	181	+ }
185	182
186		- #分流规则
187		- [ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
188		- fwd_dns="${TUN_DNS}"
189		- local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
190		- local shunt_ids=$(uci show $CONFIG \| grep "=shunt_rules" \| awk -F '.' '{print $2}' \| awk -F '=' '{print $1}')
191		- for shunt_id in $shunt_ids; do
192		- local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
193		- [ "$shunt_node_id" = "nil" ] && continue
194		- [ "$shunt_node_id" = "_default" ] && shunt_node_id=$default_node_id
195		- [ "$shunt_node_id" = "_blackhole" ] && continue
196		- local str=$(echo -n $(config_n_get $shunt_id domain_list \| grep -v 'regexp:\\|geosite:\\|ext:' \| sed 's/domain:\\|full:\\|//g' \| tr -s "\r\n" "\n" \| sort -u) \| sed "s/ /\|/g")
197		- [ -n "$str" ] && count_hosts_str="${count_hosts_str}\|${str}"
198		- [ "$shunt_node_id" = "_direct" ] && {
199		- [ -n "$str" ] && echo $str \| sed "s/\|/\n/g" \| gen_dnsmasq_items "whitelist,whitelist6" "${LOCAL_DNS}" "${TMP_DNSMASQ_PATH}/13-shunt_host.conf"
200		- continue
201		- }
202		- local shunt_node=$(config_n_get $shunt_node_id address nil)
203		- [ "$shunt_node" = "nil" ] && continue
204		- [ -n "$str" ] && echo $str \| sed "s/\|/\n/g" \| gen_dnsmasq_items "shuntlist,shuntlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/98-shunt_host.conf"
205		- done
206		- echolog " - [$?]V2ray/Xray分流规则(shuntlist)：${fwd_dns:-默认}"
207		- }
208		-
209		- [ -s "${RULES_PATH}/direct_host" ] && direct_hosts_str="$(echo -n $(cat ${RULES_PATH}/direct_host \| tr -s '\n' \| grep -v "^#" \| sort -u) \| sed "s/ /\|/g")"
210		- [ -s "${RULES_PATH}/proxy_host" ] && proxy_hosts_str="$(echo -n $(cat ${RULES_PATH}/proxy_host \| tr -s '\n' \| grep -v "^#" \| sort -u) \| sed "s/ /\|/g")"
211		- [ -n "$direct_hosts_str" ] && count_hosts_str="${count_hosts_str}\|${direct_hosts_str}"
212		- [ -n "$proxy_hosts_str" ] && count_hosts_str="${count_hosts_str}\|${proxy_hosts_str}"
	183	+ #分流规则
	184	+ [ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
	185	+ fwd_dns="${TUN_DNS}"
	186	+ msg_dns="${fwd_dns}"
	187	+ local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
	188	+ local shunt_ids=$(uci show $CONFIG \| grep "=shunt_rules" \| awk -F '.' '{print $2}' \| awk -F '=' '{print $1}')
	189	+ for shunt_id in $shunt_ids; do
	190	+ local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
	191	+ [ "$shunt_node_id" = "nil" ] && continue
	192	+ [ "$shunt_node_id" = "_default" ] && shunt_node_id=$default_node_id
	193	+ [ "$shunt_node_id" = "_blackhole" ] && continue
	194	+ local str=$(echo -n $(config_n_get $shunt_id domain_list \| grep -v 'regexp:\\|geosite:\\|ext:' \| sed 's/domain:\\|full:\\|//g' \| tr -s "\r\n" "\n" \| sort -u) \| sed "s/ /\|/g")
	195	+ [ -n "$str" ] && count_hosts_str="${count_hosts_str}\|${str}"
	196	+ [ "$shunt_node_id" = "_direct" ] && {
	197	+ [ -n "$str" ] && echo $str \| sed "s/\|/\n/g" \| gen_items ipsets="whitelist,whitelist6" "${LOCAL_DNS}" "${TMP_DNSMASQ_PATH}/13-shunt_host.conf"
	198	+ msg_dns="${LOCAL_DNS}"
	199	+ continue
	200	+ }
	201	+ local shunt_node=$(config_n_get $shunt_node_id address nil)
	202	+ [ "$shunt_node" = "nil" ] && continue
213	203
214		- #如果没有使用回国模式
215		- if [ -z "${returnhome}" ]; then
216		- # GFW 模式
217		- [ -s "${RULES_PATH}/gfwlist" ] && {
218		- grep -v -E "$count_hosts_str" "${RULES_PATH}/gfwlist" > "${TMP_PATH}/gfwlist"
219		-
220		- local ipset_flag="gfwlist,gfwlist6"
221		- if [ "${NO_GFWLIST_IPV6}" = "1" ]; then
222		- ipset_flag="gfwlist"
223		- sort -u "${TMP_PATH}/gfwlist" \| gen_dnsmasq_address_items "::" "${TMP_DNSMASQ_PATH}/99-gfwlist-noipv6.conf"
	204	+ [ -n "$str" ] && {
	205	+ local ipset_flag="shuntlist,shuntlist6"
	206	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	207	+ ipset_flag="shuntlist"
	208	+ echo $str \| sed "s/\|/\n/g" \| gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/98-shunt_host-noipv6.conf"
224	209	fi
225		-
226		- fwd_dns="${TUN_DNS}"
227		- [ -n "$CHINADNS_DNS" ] && unset fwd_dns
228		- sort -u "${TMP_PATH}/gfwlist" \| gen_dnsmasq_items "${ipset_flag}" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-gfwlist.conf"
229		- echolog " - [$?]防火墙域名表(gfwlist)：${fwd_dns:-默认}"
230		- rm -f "${TMP_PATH}/gfwlist"
	210	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	211	+ echo $str \| sed "s/\|/\n/g" \| gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/98-shunt_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
	212	+ msg_dns="${fwd_dns}"
231	213	}
	214	+ done
	215	+ echolog " - [$?]V2ray/Xray分流规则(shuntlist)：${msg_dns:-默认}"
	216	+ }
	217	+
	218	+ [ -s "${RULES_PATH}/direct_host" ] && direct_hosts_str="$(echo -n $(cat ${RULES_PATH}/direct_host \| tr -s '\n' \| grep -v "^#" \| sort -u) \| sed "s/ /\|/g")"
	219	+ [ -s "${RULES_PATH}/proxy_host" ] && proxy_hosts_str="$(echo -n $(cat ${RULES_PATH}/proxy_host \| tr -s '\n' \| grep -v "^#" \| sort -u) \| sed "s/ /\|/g")"
	220	+ [ -n "$direct_hosts_str" ] && count_hosts_str="${count_hosts_str}\|${direct_hosts_str}"
	221	+ [ -n "$proxy_hosts_str" ] && count_hosts_str="${count_hosts_str}\|${proxy_hosts_str}"
	222	+
	223	+ #如果没有使用回国模式
	224	+ if [ -z "${returnhome}" ]; then
	225	+ # GFW 模式
	226	+ [ -s "${RULES_PATH}/gfwlist" ] && {
	227	+ grep -v -E "$count_hosts_str" "${RULES_PATH}/gfwlist" > "${TMP_PATH}/gfwlist"
232	228
233		- # 中国列表以外模式
234		- [ -n "${CHINADNS_DNS}" ] && {
235		- fwd_dns="${LOCAL_DNS}"
236		- [ -n "$CHINADNS_DNS" ] && unset fwd_dns
237		- [ -s "${RULES_PATH}/chnlist" ] && {
238		- grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" \| gen_dnsmasq_items "chnroute,chnroute6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/19-chinalist_host.conf"
239		- echolog " - [$?]中国域名表(chnroute)：${fwd_dns:-默认}"
240		- }
241		- }
242		- else
243		- #回国模式
	229	+ local ipset_flag="gfwlist,gfwlist6"
	230	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	231	+ ipset_flag="gfwlist"
	232	+ sort -u "${TMP_PATH}/gfwlist" \| gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/99-gfwlist-noipv6.conf"
	233	+ fi
	234	+ fwd_dns="${TUN_DNS}"
	235	+ [ -n "$CHINADNS_DNS" ] && unset fwd_dns
	236	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	237	+ sort -u "${TMP_PATH}/gfwlist" \| gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/99-gfwlist.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
	238	+ echolog " - [$?]防火墙域名表(gfwlist)：${fwd_dns:-默认}"
	239	+ rm -f "${TMP_PATH}/gfwlist"
	240	+ }
	241	+
	242	+ # 中国列表以外模式
	243	+ [ -n "${CHINADNS_DNS}" ] && {
	244	+ fwd_dns="${LOCAL_DNS}"
	245	+ [ -n "$CHINADNS_DNS" ] && unset fwd_dns
244	246	[ -s "${RULES_PATH}/chnlist" ] && {
245		- grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" > "${TMP_PATH}/chnlist"
246		- fwd_dns="${TUN_DNS}"
247		- sort -u "${TMP_PATH}/chnlist" \| gen_dnsmasq_items "chnroute,chnroute6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-chinalist_host.conf"
	247	+ grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" \| gen_items ipsets="chnroute,chnroute6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/19-chinalist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
248	248	echolog " - [$?]中国域名表(chnroute)：${fwd_dns:-默认}"
249		- rm -f "${TMP_PATH}/chnlist"
250	249	}
251		- fi
252		-
253		- ipset_merge ${TMP_DNSMASQ_PATH}
	250	+ }
	251	+ else
	252	+ #回国模式
	253	+ [ -s "${RULES_PATH}/chnlist" ] && {
	254	+ grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" > "${TMP_PATH}/chnlist"
	255	+
	256	+ local ipset_flag="chnroute,chnroute6"
	257	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	258	+ ipset_flag="chnroute"
	259	+ sort -u "${TMP_PATH}/chnlist" \| gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/99-chinalist_host-noipv6.conf"
	260	+ fi
	261	+ fwd_dns="${TUN_DNS}"
	262	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	263	+ sort -u "${TMP_PATH}/chnlist" \| gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/99-chinalist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
	264	+ echolog " - [$?]中国域名表(chnroute)：${fwd_dns:-默认}"
	265	+ rm -f "${TMP_PATH}/chnlist"
	266	+ }
254	267	fi
255	268
	269	+ ipset_merge ${TMP_DNSMASQ_PATH}
	270	+
256	271	echo "conf-dir=${TMP_DNSMASQ_PATH}" > $DNSMASQ_CONF_FILE
257	272	[ -n "${CHINADNS_DNS}" ] && {
258	273	echo "${DEFAULT_DNS}" > $TMP_PATH/default_DNS
259	274	cat <<-EOF >> $DNSMASQ_CONF_FILE
260		- $(echo "${CHINADNS_DNS}" \| sed 's/,/\n/g' \| gen_dnsmasq_items)
	275	+ server=${CHINADNS_DNS}
261	276	all-servers
262	277	no-poll
263	278	no-resolv

--- /dev/null

+++ b/applications/luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh

		@@ -0,0 +1,224 @@
	1	+#!/bin/sh
	2	+
	3	+restart() {
	4	+ local no_log
	5	+ eval_set_val $@
	6	+ _LOG_FILE=$LOG_FILE
	7	+ [ -n "$no_log" ] && LOG_FILE="/dev/null"
	8	+ rm -rf /tmp/smartdns.cache
	9	+ /etc/init.d/smartdns reload >/dev/null 2>&1
	10	+ /etc/init.d/dnsmasq restart >/dev/null 2>&1
	11	+ LOG_FILE=${_LOG_FILE}
	12	+}
	13	+
	14	+gen_items() {
	15	+ local ipsets group address speed_check_mode outf
	16	+ eval_set_val $@
	17	+
	18	+ awk -v ipsets="${ipsets}" -v group="${group}" -v speed_check_mode="${speed_check_mode}" -v address="${address}" -v outf="${outf}" '
	19	+ BEGIN {
	20	+ if(outf == "") outf="/dev/stdout";
	21	+ if(group != "") group=" -n " group;
	22	+ if(ipsets != "") ipsets=" -p " ipsets;
	23	+ if(speed_check_mode != "") speed_check_mode=" -c " speed_check_mode;
	24	+ if(address != "") address=" -a " address;
	25	+ fail=1;
	26	+ }
	27	+ ! /^$/&&!/^#/ {
	28	+ fail=0
	29	+ printf("domain-rules /%s/ %s%s%s%s\n", $0, group, ipsets, address, speed_check_mode) >>outf;
	30	+ }
	31	+ END {fflush(outf); close(outf); exit(fail);}
	32	+ '
	33	+}
	34	+
	35	+gen_address_items() {
	36	+ local address=${1}; shift 1
	37	+ local outf=${1}; shift 1
	38	+
	39	+ awk -v address="${address}" -v outf="${outf}" '
	40	+ BEGIN {
	41	+ if(outf == "") outf="/dev/stdout";
	42	+ setaddress=length(address)>0;
	43	+ fail=1;
	44	+ }
	45	+ ! /^$/&&!/^#/ {
	46	+ fail=0
	47	+ if(setaddress) printf("address /%s/%s\n", $0, address) >>outf;
	48	+ }
	49	+ END {fflush(outf); close(outf); exit(fail);}
	50	+ '
	51	+}
	52	+
	53	+add() {
	54	+ local fwd_dns fwd_group item servers msg
	55	+ local DNS_MODE SMARTDNS_CONF DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_GROUP REMOTE_GROUP REMOTE_FAKEDNS TUN_DNS TCP_NODE PROXY_MODE NO_LOGIC_LOG NO_PROXY_IPV6
	56	+ eval_set_val $@
	57	+ _LOG_FILE=$LOG_FILE
	58	+ [ -n "$NO_LOGIC_LOG" ] && LOG_FILE="/dev/null"
	59	+ global=$(echo "${PROXY_MODE}" \| grep "global")
	60	+ returnhome=$(echo "${PROXY_MODE}" \| grep "returnhome")
	61	+ chnlist=$(echo "${PROXY_MODE}" \| grep "chnroute")
	62	+ gfwlist=$(echo "${PROXY_MODE}" \| grep "gfwlist")
	63	+ touch ${SMARTDNS_CONF}
	64	+ count_hosts_str="!"
	65	+ [ -z "${REMOTE_GROUP}" ] && {
	66	+ REMOTE_GROUP="${CONFIG}_proxy"
	67	+ [ -n "${TUN_DNS}" ] && TUN_DNS="$(echo ${TUN_DNS} \| sed 's/#/:/g')"
	68	+ echo "server ${TUN_DNS} -group ${REMOTE_GROUP} -exclude-default-group" >> ${SMARTDNS_CONF}
	69	+ }
	70	+
	71	+ #屏蔽列表
	72	+ [ -s "${RULES_PATH}/block_host" ] && {
	73	+ cat "${RULES_PATH}/block_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_address_items "-" "${SMARTDNS_CONF}"
	74	+ }
	75	+
	76	+ #始终用国内DNS解析节点域名
	77	+ servers=$(uci show "${CONFIG}" \| grep ".address=" \| cut -d "'" -f 2)
	78	+ hosts_foreach "servers" host_from_url \| grep '[a-zA-Z]$' \| sort -u \| gen_items ipsets="#4:vpsiplist,#6:vpsiplist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
	79	+ echolog " - [$?]节点列表中的域名(vpsiplist)使用分组：${LOCAL_GROUP:-默认}"
	80	+
	81	+ #始终用国内DNS解析直连（白名单）列表
	82	+ [ -s "${RULES_PATH}/direct_host" ] && {
	83	+ cat "${RULES_PATH}/direct_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
	84	+ echolog " - [$?]域名白名单(whitelist)使用分组：${LOCAL_GROUP:-默认}"
	85	+ }
	86	+
	87	+ subscribe_list=""
	88	+ for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
	89	+ host=$(host_from_url "$(config_n_get ${item} url)")
	90	+ subscribe_list="${subscribe_list}\n${host}"
	91	+ done
	92	+ [ -n "$subscribe_list" ] && {
	93	+ if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
	94	+ #如果没有开启通过代理订阅
	95	+ echo -e "$subscribe_list" \| sort -u \| gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
	96	+ echolog " - [$?]节点订阅域名(whitelist)使用分组：${LOCAL_GROUP:-默认}"
	97	+ else
	98	+ #如果开启了通过代理订阅
	99	+ local ipset_flag="#4:blacklist,#6:blacklist6"
	100	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	101	+ ipset_flag="#4:blacklist"
	102	+ address="#6"
	103	+ fi
	104	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	105	+ echo -e "$subscribe_list" \| sort -u \| gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
	106	+ echolog " - [$?]节点订阅域名(blacklist)使用分组：${REMOTE_GROUP}"
	107	+ fi
	108	+ }
	109	+
	110	+ #始终使用远程DNS解析代理（黑名单）列表
	111	+ [ -s "${RULES_PATH}/proxy_host" ] && {
	112	+ local ipset_flag="#4:blacklist,#6:blacklist6"
	113	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	114	+ ipset_flag="#4:blacklist"
	115	+ address="#6"
	116	+ fi
	117	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	118	+ cat "${RULES_PATH}/proxy_host" \| tr -s '\n' \| grep -v "^#" \| sort -u \| gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
	119	+ echolog " - [$?]代理域名表(blacklist)使用分组：${REMOTE_GROUP}"
	120	+ }
	121	+
	122	+ #分流规则
	123	+ [ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
	124	+ local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
	125	+ local shunt_ids=$(uci show $CONFIG \| grep "=shunt_rules" \| awk -F '.' '{print $2}' \| awk -F '=' '{print $1}')
	126	+ for shunt_id in $shunt_ids; do
	127	+ local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
	128	+ [ "$shunt_node_id" = "nil" ] && continue
	129	+ [ "$shunt_node_id" = "_default" ] && shunt_node_id=$default_node_id
	130	+ [ "$shunt_node_id" = "_blackhole" ] && continue
	131	+ local str=$(echo -n $(config_n_get $shunt_id domain_list \| grep -v 'regexp:\\|geosite:\\|ext:' \| sed 's/domain:\\|full:\\|//g' \| tr -s "\r\n" "\n" \| sort -u) \| sed "s/ /\|/g")
	132	+ [ -n "$str" ] && count_hosts_str="${count_hosts_str}\|${str}"
	133	+ [ "$shunt_node_id" = "_direct" ] && {
	134	+ [ -n "$str" ] && echo $str \| sed "s/\|/\n/g" \| gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
	135	+ msg_dns="${LOCAL_GROUP}"
	136	+ continue
	137	+ }
	138	+ local shunt_node=$(config_n_get $shunt_node_id address nil)
	139	+ [ "$shunt_node" = "nil" ] && continue
	140	+
	141	+ [ -n "$str" ] && {
	142	+ local ipset_flag="#4:shuntlist,#6:shuntlist6"
	143	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	144	+ ipset_flag="#4:shuntlist"
	145	+ address="#6"
	146	+ fi
	147	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	148	+ echo $str \| sed "s/\|/\n/g" \| gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
	149	+ msg_dns="${REMOTE_GROUP}"
	150	+ }
	151	+ done
	152	+ echolog " - [$?]V2ray/Xray分流规则(shuntlist)：${msg_dns:-默认}"
	153	+ }
	154	+
	155	+ [ -s "${RULES_PATH}/direct_host" ] && direct_hosts_str="$(echo -n $(cat ${RULES_PATH}/direct_host \| tr -s '\n' \| grep -v "^#" \| sort -u) \| sed "s/ /\|/g")"
	156	+ [ -s "${RULES_PATH}/proxy_host" ] && proxy_hosts_str="$(echo -n $(cat ${RULES_PATH}/proxy_host \| tr -s '\n' \| grep -v "^#" \| sort -u) \| sed "s/ /\|/g")"
	157	+ [ -n "$direct_hosts_str" ] && count_hosts_str="${count_hosts_str}\|${direct_hosts_str}"
	158	+ [ -n "$proxy_hosts_str" ] && count_hosts_str="${count_hosts_str}\|${proxy_hosts_str}"
	159	+
	160	+ #如果没有使用回国模式
	161	+ if [ -z "${returnhome}" ]; then
	162	+ # GFW 模式
	163	+ [ -s "${RULES_PATH}/gfwlist" ] && {
	164	+ grep -v -E "$count_hosts_str" "${RULES_PATH}/gfwlist" > "${TMP_PATH}/gfwlist"
	165	+
	166	+ local ipset_flag="#4:gfwlist,#6:gfwlist6"
	167	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	168	+ ipset_flag="#4:gfwlist"
	169	+ address="#6"
	170	+ fi
	171	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	172	+ sort -u "${TMP_PATH}/gfwlist" \| gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
	173	+ echolog " - [$?]防火墙域名表(gfwlist)使用分组：${REMOTE_GROUP}"
	174	+ rm -f "${TMP_PATH}/gfwlist"
	175	+ }
	176	+
	177	+ # 中国列表以外模式
	178	+ [ -s "${RULES_PATH}/chnlist" ] && [ -n "${chnlist}" ] && {
	179	+ grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" \| gen_items ipsets="#4:chnroute,#6:chnroute6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
	180	+ echolog " - [$?]中国域名表(chnroute)使用分组：${LOCAL_GROUP:-默认}"
	181	+ }
	182	+ else
	183	+ #回国模式
	184	+ [ -s "${RULES_PATH}/chnlist" ] && {
	185	+ grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" > "${TMP_PATH}/chnlist"
	186	+
	187	+ local ipset_flag="#4:chnroute,#6:chnroute6"
	188	+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
	189	+ ipset_flag="#4:chnroute"
	190	+ address="#6"
	191	+ fi
	192	+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
	193	+ sort -u "${TMP_PATH}/chnlist" \| gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
	194	+ echolog " - [$?]中国域名表(chnroute)使用分组：${REMOTE_GROUP}"
	195	+ rm -f "${TMP_PATH}/chnlist"
	196	+ }
	197	+ fi
	198	+
	199	+ echo "conf-file ${SMARTDNS_CONF}" >> /etc/smartdns/custom.conf
	200	+ echolog " - 请让SmartDNS作为Dnsmasq的上游或重定向！"
	201	+ LOG_FILE=${_LOG_FILE}
	202	+}
	203	+
	204	+del() {
	205	+ rm -rf /tmp/etc/smartdns/passwall.conf
	206	+ sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1
	207	+ rm -rf /tmp/smartdns.cache
	208	+ /etc/init.d/smartdns reload
	209	+}
	210	+
	211	+arg1=$1
	212	+shift
	213	+case $arg1 in
	214	+add)
	215	+ add $@
	216	+ ;;
	217	+del)
	218	+ del $@
	219	+ ;;
	220	+restart)
	221	+ restart $@
	222	+ ;;
	223	+*) ;;
	224	+esac

--- a/applications/luci-app-unblockneteasemusic/root/etc/init.d/unblockneteasemusic

+++ b/applications/luci-app-unblockneteasemusic/root/etc/init.d/unblockneteasemusic

		@@ -112,6 +112,7 @@ start_service()
112	112	"lower_than_999kbps") procd_append_param env MIN_BR="600000" ;;
113	113	"replace_all") procd_append_param env MIN_BR="9999999" ;;
114	114	esac
	115	+ procd_append_param env JSON_LOG="true"
115	116
116	117	procd_set_param stdout 1
117	118	procd_set_param stderr 1

Show on old repository browser

		@@ -5,16 +5,12 @@ config global
5	5	option tcp_node 'nil'
6	6	option udp_node 'nil'
7	7	option dns_mode 'pdnsd'
8		- option up_china_dns 'default'
9	8	option dns_forward '1.1.1.1'
10		- option dns_cache '0'
11		- option filter_gfwlist_ipv6 '0'
12		- option filter_proxylist_ipv6 '0'
	9	+ option filter_proxy_ipv6 '0'
13	10	option tcp_proxy_mode 'chnroute'
14	11	option udp_proxy_mode 'chnroute'
15	12	option localhost_tcp_proxy_mode 'default'
16	13	option localhost_udp_proxy_mode 'default'
17		- option socks_server '127.0.0.1:1080'
18	14	option close_log_tcp '0'
19	15	option close_log_udp '0'
20	16	option loglevel 'error'